Managed Enterprise Workspace

Microsoft published the Intel microcode update for Windows 10 1709 as a standalone update (KB4090007), so it is not showing up in WSUS. However, it can be deployed as an application:
wusa.exe "windows10.0-kb4090007-x64_7063a0b6a38e2a648aa1d77570503f7062360c9d.msu" /quiet /norestart
However, although the current version 1.003 already supports more CPU models than version 1.001, it doesn’t cover all processor models in the environment. In addition, we have already seen different updates popping up that allow microcode updates on older Windows 10 releases. So we want the application to be as dynamic as possible, without the need to create many different collections.

Global Conditions

First, in case you do not already have one for the Windows 10 build, we get ‘Windows CurrentBuildNumber’ from the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
CurrentBuildNumber

Detection

If Microsoft publishes microcode updates for more CPUs, we will extend the Global Condition ‘CPUIDs supported for microcode update’. And once microcode updates supporting older releases of Windows 10 are out, we add Deployment Types. This way, we can deploy the same application to all clients and have them protected.
And, don’t forget to run a simulation first!
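
One way to evaluate the build number and a ‘CPUIDs supported for microcode update’ check in a single script-type Global Condition with a Boolean result. This is an added example, not the condition from the original post: the function names are hypothetical and the CPUID list holds placeholders that have to be filled from the CPUID table in the KB article.

```powershell
# Added example (not from the original post).
# ASSUMPTION: placeholder entries; replace with the hex CPUID signatures
# listed in the KB article for the package version you deploy.
$SupportedCpuids = @('<CPUID-1>', '<CPUID-2>')
$SupportedBuilds = @('16299')   # 16299 is the build number of Windows 10 1709

function Get-CpuidSignature {
    param([string]$ProcessorId)
    # Win32_Processor.ProcessorId is 16 hex digits on x86/x64; the last 8
    # digits are EAX of CPUID leaf 1, i.e. the family/model/stepping signature.
    # Constructed sample of the format: BFEBFBFF000506E3
    if ($ProcessorId -notmatch '^[0-9A-Fa-f]{16}$') { return $null }
    return $ProcessorId.Substring(8).TrimStart('0').ToUpperInvariant()
}

function Test-MicrocodeUpdateApplicable {
    param(
        [string]$BuildNumber,
        [string[]]$ProcessorIds
    )
    # The update package is build-specific, so check the build first.
    if ($SupportedBuilds -notcontains $BuildNumber) { return $false }

    # No readable CPU information: treat the client as not applicable.
    if (-not $ProcessorIds -or $ProcessorIds.Count -eq 0) { return $false }

    foreach ($id in $ProcessorIds) {
        $signature = Get-CpuidSignature -ProcessorId $id
        # Every socket has to be covered, otherwise the requirement fails.
        if (-not $signature -or $SupportedCpuids -notcontains $signature) {
            return $false
        }
    }
    return $true
}

# Same registry value as the 'Windows CurrentBuildNumber' condition above.
$key   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = (Get-ItemProperty -Path $key).CurrentBuildNumber

# One ProcessorId per socket.
$ids = @(Get-CimInstance -ClassName Win32_Processor |
         ForEach-Object { $_.ProcessorId })

# The Boolean written to the pipeline is the value the condition evaluates.
Test-MicrocodeUpdateApplicable -BuildNumber $build -ProcessorIds $ids
```

Extending coverage then means appending entries to `$SupportedCpuids` or `$SupportedBuilds`; clients with an unlisted CPU or an unreadable ProcessorId evaluate to false and are skipped.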